class ProvenancesController < ApplicationController
  # GET /provenances
  # GET /provenances.xml
  def index
    @provenances = Provenance.all
    
    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @provenances }
    end
  end
  
  # GET /provenances/1
  # GET /provenances/1.xml
  def show
    @provenance = Provenance.find(params[:id])
    
    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @provenance }
    end
  end
  
  # GET /provenances/new
  # GET /provenances/new.xml
  def new
    if authorize
      @provenance = Provenance.new
      
      respond_to do |format|
        format.html # new.html.erb
        format.xml  { render :xml => @provenance }
      end
    end
  end
  
  # GET /provenances/1/edit
  def edit
    if authorize
      @provenance = Provenance.find(params[:id])
    end
  end
  
  # POST /provenances
  # POST /provenances.xml
  def create
    @provenance = Provenance.new(params[:provenance])
    
    respond_to do |format|
      if @provenance.save
        flash[:notice] = '<div>Provenance was successfully created.</div>'
        format.html { redirect_to(:controller => 'families', :action => 'new') }
        format.xml  { render :xml => @provenance, :status => :created, :location => @provenance }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @provenance.errors, :status => :unprocessable_entity }
      end
    end
  end
  
  # PUT /provenances/1
  # PUT /provenances/1.xml
  def update
    @provenance = Provenance.find(params[:id])
    
    respond_to do |format|
      if @provenance.update_attributes(params[:provenance])
        flash[:notice] = 'Provenance was successfully updated.'
        format.html { redirect_to(@provenance) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @provenance.errors, :status => :unprocessable_entity }
      end
    end
  end
  
  # DELETE /provenances/1
  # DELETE /provenances/1.xml
  def destroy
    if authorize
      @provenance = Provenance.find(params[:id])
      @provenance.destroy
      
      respond_to do |format|
        format.html { redirect_to(provenances_url) }
        format.xml  { head :ok }
      end
    end
  end
  protected
  def authorize
    unless session[:user_id]
      flash[:notice] = "<div class='invisible'>Por favor identifiquese<div>"
      redirect_to :controller => 'admin', :action => 'login', :class => 'nyroModal', :rev=>'gal'
    else
      user = User.find(session[:user_id])
      if user.user_tipe_id == 1
        return true        
      else
        flash[:notice] = "<div class='invisible'>Por favor identifiquese<div>"
        redirect_to :controller => 'admin', :action => 'login', :class => 'nyroModal', :rev=>'gal'
      end
    end
  end
end
